This article describes the functions and properties of the various key types used for key management. Recommended crypto-periods are also discussed.
Categories and types of keys
Just as a household has different keys for the car, the front door and the garage, cryptographic keys serve different functions in digital communications. One should understand these different key functions before any meaningful work can be done with cryptographic key management systems.
In general, cryptographic keys are categorized according to their properties and usage. A key may have one of three properties: Symmetric, Public or Private. Keys can be grouped as Asymmetric key pairs, which consist of one private and one public key.
Difference between Asymmetric and Symmetric keys
Symmetric key algorithms use a single key for both encryption and decryption. Asymmetric key algorithms use different keys for encryption and decryption: a public key and a private key that form a pair. Symmetric algorithms have the advantage of being much faster than asymmetric ones, and a system can manage thousands of symmetric keys with little computational overhead. Their main disadvantage is that the single key has to be delivered to the other end, which creates an opportunity for it to be intercepted or substituted in transit. Asymmetric keys avoid this problem: the public key can be distributed openly and used at one end, while the other end (sender or receiver, depending on the key's purpose) uses its own private key, which never leaves it. Which key is used at which end depends on the goal, such as assuring confidentiality, authentication or tamper detection.
Using asymmetric keys for confidentiality
For example, to maintain confidentiality, a message is encrypted with the recipient's public key before it is sent. Anyone can obtain the public key, and anyone can intercept the ciphertext, but only the intended recipient, who holds the private key corresponding to that public key, can decrypt it. While the public key can be distributed freely to anyone who wants to send a message, the private key stays in one place and is never sent anywhere.
Using asymmetric keys for authentication
To provide authentication, the sender signs the message with his or her private key. The signing operation (applied in practice to a hash of the message) produces a signature that only the holder of that private key could have created. The receiving end uses the sender's public key to verify the signature, which confirms both that the message has not been modified and that it came from the holder of the matching private key. Since verification is done with the public key, anyone can check the signature. Note that a valid signature proves possession of the private key, not a named identity by itself; tying the public key to a particular sender requires that the key itself be trusted, for example through a certificate.
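As an added example (not code from the original article), the two uses of an asymmetric key pair described above, in Go using only the standard library: RSA-OAEP for confidentiality, where anyone can encrypt to the public key but only the private key holder can decrypt, and Ed25519 for authentication, where only the private key holder can sign but anyone can verify. The party names and messages are constructed for the example. In practice RSA-OAEP would carry a symmetric content key rather than the message itself; the message is encrypted directly here only to keep the example short.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recipient holds an RSA key pair used for confidentiality: anyone may encrypt
// to the public key, only the holder of the private key can decrypt.
type Recipient struct {
	priv *rsa.PrivateKey
}

func NewRecipient() (*Recipient, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Recipient{priv: priv}, nil
}

// PublicKey is what the recipient publishes; it can be copied freely.
func (r *Recipient) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

// Decrypt uses the private key, which never leaves the recipient.
func (r *Recipient) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, r.priv, ct, nil)
}

// EncryptTo encrypts a short message to a public key with RSA-OAEP.
func EncryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Signer holds an Ed25519 key pair used for authentication: the private key
// produces signatures, the public key lets anyone verify them.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// Verify returns true only if msg is unmodified and sig was produced with the
// private key matching pub.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Confidentiality: the message is encrypted with Bob's public key.
	bob, _ := NewRecipient() // hypothetical recipient
	eve, _ := NewRecipient() // another key pair, standing in for an interceptor
	ct, _ := EncryptTo(bob.PublicKey(), []byte("constructed sample: meet at 9"))
	pt, err := bob.Decrypt(ct)
	fmt.Printf("bob decrypts: %q err=%v\n", pt, err)
	_, err = eve.Decrypt(ct)
	fmt.Println("eve decrypts: err =", err) // fails: wrong private key

	// Authentication: Alice signs, anyone with her public key verifies.
	alice, _ := NewSigner() // hypothetical sender
	msg := []byte("constructed sample: transfer 100")
	sig := alice.Sign(msg)
	fmt.Println("valid signature:", Verify(alice.PublicKey(), msg, sig))
	tampered := []byte("constructed sample: transfer 900")
	fmt.Println("tampered message:", Verify(alice.PublicKey(), tampered, sig))
}
```

Eve's decryption fails with an RSA decryption error rather than returning garbage, because OAEP padding detects the wrong key; likewise the tampered message fails verification even though the signature bytes are genuine, which is the tamper detection the text refers to.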
Keys for long term or single usage
Keys can also be static (designed for long-term use) or ephemeral (designed to be used only for a single session or management transaction). This distinction mainly applies to the Ephemeral Key Agreement Key (explained below), since the other key types are generally designed for long crypto-periods (usually 1-2 years). Some key types that may need shorter crypto-periods (from a few days to a few weeks) are Symmetric authentication keys, Data Encryption keys, Key-Wrapping keys, Private Key-Transport keys, RNG keys, and Authorization keys.
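As an added example (not from the original article), the static versus ephemeral distinction shown with X25519 key agreement in Go (crypto/ecdh, Go 1.20 or later). Two hypothetical parties each hold a static key agreement key with a long crypto-period; agreeing with those keys yields the same secret every time, so compromise of either static key exposes every past session. An ephemeral key agreement key exists only inside one session and yields a different secret each time. Hashing the raw DH output with SHA-256 stands in for a proper key derivation function, which is an assumption of this example; a real protocol would use HKDF with context labels.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party holds a static key agreement key (long crypto-period, reused across
// sessions). Ephemeral keys are generated per session and never stored here.
type Party struct {
	Name   string
	static *ecdh.PrivateKey
}

func NewParty(name string) (*Party, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, static: k}, nil
}

// deriveKey stands in for a proper KDF (assumption: a real protocol would use
// HKDF with context labels); hashing keeps the raw DH output out of the key.
func deriveKey(secret []byte) []byte {
	sum := sha256.Sum256(secret)
	return sum[:]
}

// StaticAgree derives a key from both parties' static keys. The result is the
// same on every call, so a compromised static key exposes every session.
func StaticAgree(a, b *Party) ([]byte, error) {
	secret, err := a.static.ECDH(b.static.PublicKey())
	if err != nil {
		return nil, err
	}
	return deriveKey(secret), nil
}

// EphemeralSession runs one session between a and b using fresh ephemeral
// key agreement keys, which exist only for the duration of this call.
// It returns the key each side derived so the caller can confirm they agree.
func EphemeralSession(a, b *Party) (aKey, bKey []byte, err error) {
	ephA, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ephB, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// The only thing sent on the wire is each side's ephemeral public key.
	sA, err := ephA.ECDH(ephB.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	sB, err := ephB.ECDH(ephA.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	// ephA and ephB go out of scope here: the crypto-period of an ephemeral
	// key is exactly one session.
	return deriveKey(sA), deriveKey(sB), nil
}

func main() {
	alice, _ := NewParty("alice") // hypothetical parties for the example
	bob, _ := NewParty("bob")

	s1, _ := StaticAgree(alice, bob)
	s2, _ := StaticAgree(alice, bob)
	fmt.Println("static-static key repeats across sessions:", bytes.Equal(s1, s2))

	e1a, e1b, _ := EphemeralSession(alice, bob)
	e2a, e2b, _ := EphemeralSession(alice, bob)
	fmt.Println("session 1 both sides agree:", bytes.Equal(e1a, e1b))
	fmt.Println("session 2 both sides agree:", bytes.Equal(e2a, e2b))
	fmt.Println("session keys differ between sessions:", !bytes.Equal(e1a, e2a))
}
```

The per-session result is why ephemeral keys need no long-term storage or rotation schedule, while the static keys in the same program are the ones that fall under the 1-2 year crypto-period discussed above.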
Description of the 10 basic types of keys
Cryptographic keys can be classified into 10 categories, as outlined below. Each key type is designed for one specific purpose and should not be used in place of another type. Each type is listed with the properties (Symmetric, Public or Private) that keys of that type can have:
Authentication Key (Symmetric, Public or Private)
Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, documents, or stored data.
A private (or public) authentication key is the private (or public) key of an asymmetric key pair that is used with a public-key algorithm to provide assurance as to the integrity and source of information and the identity of the originating entity when executing an authentication mechanism or when establishing an authenticated communication session.
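As an added example (not from the original article), a symmetric authentication key in Go: HMAC-SHA256 over a message with a shared key, with constant-time tag comparison on the receiving side. The sample messages are constructed. The last case also shows the limit of a symmetric authentication key that the asymmetric key pair in the preceding paragraph removes: because the receiver holds the same key as the sender, the receiver can mint a valid tag itself, so a symmetric tag proves the message came from some holder of the key, not from which one.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AuthKey is a symmetric authentication key: the same secret is held by the
// sender (to tag messages) and the receiver (to check tags).
type AuthKey []byte

// NewAuthKey draws a fresh 256-bit key from the OS CSPRNG.
func NewAuthKey() (AuthKey, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return AuthKey(k), nil
}

// Tag computes an HMAC-SHA256 tag over msg. The tag binds the message content
// and can only be produced by someone holding the key.
func (k AuthKey) Tag(msg []byte) []byte {
	m := hmac.New(sha256.New, k)
	m.Write(msg)
	return m.Sum(nil)
}

// Check recomputes the tag and compares in constant time, so an attacker
// cannot learn the correct tag byte by byte from timing differences.
func (k AuthKey) Check(msg, tag []byte) bool {
	return hmac.Equal(tag, k.Tag(msg))
}

// Message is the wire format: body plus tag.
type Message struct {
	Body []byte
	Tag  []byte
}

// Accept returns, for each message, whether the receiver should trust it.
func Accept(k AuthKey, inbox []Message) []bool {
	out := make([]bool, len(inbox))
	for i, m := range inbox {
		out[i] = k.Check(m.Body, m.Tag)
	}
	return out
}

func main() {
	shared, _ := NewAuthKey() // held by both sender and receiver
	other, _ := NewAuthKey()  // a key the receiver does not have

	// Constructed sample traffic.
	genuine := Message{Body: []byte("ship order 42 to warehouse B")}
	genuine.Tag = shared.Tag(genuine.Body)

	tampered := Message{Body: []byte("ship order 42 to warehouse X"), Tag: genuine.Tag}

	wrongKey := Message{Body: []byte("ship order 43")}
	wrongKey.Tag = other.Tag(wrongKey.Body)

	// The receiver holds the same key, so it can mint a tag the sender never
	// produced. A symmetric authentication key proves the message came from a
	// key holder, not from which one; an asymmetric authentication key pair is
	// what makes the origin provable to a third party.
	mintedByReceiver := Message{Body: []byte("refund order 42 in full")}
	mintedByReceiver.Tag = shared.Tag(mintedByReceiver.Body)

	inbox := []Message{genuine, tampered, wrongKey, mintedByReceiver}
	for i, ok := range Accept(shared, inbox) {
		fmt.Printf("message %d accepted: %v\n", i, ok)
	}
}
```

Only the genuine message and the receiver-minted message are accepted; the tampered body and the tag made under a different key are rejected. This is also why the text above lists symmetric authentication keys among the types that may need a shorter crypto-period: every party that can verify can also forge, so the key is exposed at more than one place.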